US10142319B2ActiveUtilityA1

Protecting network communication security

50
Assignee: IBMPriority: Jul 28, 2014Filed: Dec 19, 2017Granted: Nov 27, 2018
Est. expiryJul 28, 2034(~8.1 yrs left)· nominal 20-yr term from priority
H04L 63/0807
50
PatentIndex Score
0
Cited by
34
References
13
Claims

Abstract

A method and apparatus for protecting a network communication security. In one embodiment, there is provided a method for protecting network communication security at a server. The method comprises: in response to a request from a client, determining whether a token from the client is included in a valid token queue, the valid token queue being a First-In-First-Out queue; in response to the token being included in the valid token queue, managing the valid token queue based on a position of the token in the valid token queue; and sending a response to the client based on the managing of the valid token queue. There is further disclosed a corresponding method and apparatuses at client side.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for protecting network communication security at a server by updating tokens in a valid token queue comprising a plurality of valid tokens that are maintained at the server, the method comprising:
 in response to a request from a client, determining, by the server, whether a token from the client is included in the valid token, the valid token queue being a first-in-first-out queue; 
 in response to the token being included in the valid token queue, the server managing the valid token queue based on a position of the token in the valid token queue, wherein managing the valid token queue based on a position of the token in the valid token queue comprises:
 keeping the valid token queue unchanged in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being greater than or equal to a threshold distance; 
 generating a new token in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being less than a threshold distance; and 
 in response to generating the new token, updating the valid token queue with the new token when the token from the client is at the end of the valid token queue; and 
 
 the server sending a response that includes the new token to the client based on the managing of the valid token queue. 
 
     
     
       2. The method according to  claim 1 , wherein sending a response to the client based on the managing of the valid token queue comprises:
 sending the new token to the client for subsequent use by the client in lieu the token. 
 
     
     
       3. The method according to  claim 1 , further comprising:
 sending to the client a message indicating failure of token verification in response to the token being not included in the valid token queue, wherein the message requests the client to re-send the request to the server. 
 
     
     
       4. A method for protecting network communication security at a server by adjusting a length of a valid token queue comprising a plurality of valid tokens that are maintained at a server, the method comprising:
 in response to a request from a client, determining, by the server, whether a token from the client is included in the valid token queue, the valid token queue being a first-in-first-out queue; 
 in response to the token being included in the valid token queue, managing the valid token queue based on a position of the token in the valid token queue; 
 sending a response to the client based on the managing of the valid token queue; and 
 adjusting the length of the valid token queue based on a condition of a network connection between the client and the server; 
 wherein managing the valid token queue based on a position of the token in the valid token queue further comprises keeping the valid token queue unchanged in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being greater than or equal to a threshold distance, and wherein the valid token queue is updated with the new token when the token from the client is at the end of the valid token queue. 
 
     
     
       5. The method according to  claim 4 , further comprising:
 determining counts of failure of token verification within a predetermined period of time to obtain the condition of the network connection. 
 
     
     
       6. An apparatus for protecting network communication security at a server using a valid token queue comprising a plurality of valid tokens that are maintained at the server, the apparatus comprising:
 a token verifying unit configured to, in response to a request from a client, determine whether a token from the client is included in a valid token queue, the valid token queue being a first-in-first-out queue; 
 a token managing unit configured to, in response to the token being included in the valid token queue, manage the valid token queue based on a position of the token in the valid token queue by keeping the valid token queue unchanged in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being greater than or equal to a threshold distance, generating a new token in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being less than a threshold distance, and in response to generating the new token, updating the valid token queue with the new token when the token from the client is at the end of the valid token queue; and 
 a response sending unit configured to send a response that includes the new token to the client based on the managing of the valid token queue. 
 
     
     
       7. The apparatus according to  claim 6 , wherein the valid token queue comprises a plurality of valid tokens that are maintained at the server, and wherein the token managing unit comprises:
 a new token generating unit configured to generate a new token in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being less than a threshold distance; and 
 a token updating unit configured to update the valid token queue with the new token. 
 
     
     
       8. The apparatus according to  claim 7 , wherein the response sending unit comprises:
 a new token sending unit configured to send the new token to the client for subsequent use by the client in lieu the token. 
 
     
     
       9. The apparatus according to  claim 6 , wherein the token managing unit comprises:
 a token keeping unit configured to keep the valid token queue unchanged in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being greater than or equal to a threshold distance. 
 
     
     
       10. The apparatus according to  claim 6 , further comprising:
 a failure message sending unit configured to send to the client a message indicating failure of token verification in response to the token being not included in the valid token queue. 
 
     
     
       11. The apparatus according to  claim 6 , further comprising:
 a queue length adjusting unit configured to adjust a length of the valid token queue based on a condition of a network connection between the client and the server. 
 
     
     
       12. The apparatus according to  claim 11 , further comprising:
 a failure counting unit configured to determine counts of failure of token verification within a predetermined period of time to obtain the condition of the network connection. 
 
     
     
       13. A computer program product for protecting network communication security by updating tokens in a valid token queue comprising a plurality of valid tokens that are maintained at the server, the computer program product comprising a non-transitory computer readable storage medium having computer readable program instructions embodied thereon for causing a processor to carry out steps of:
 in response to a request from a client, determining, by the server, whether a token from the client is included in the valid token queue, the valid token queue being a first-in-first-out queue; 
 in response to the token being included in the valid token queue, managing the valid token queue based on a position of the token in the valid token queue, wherein managing the valid token queue based on a position of the token in the valid token queue comprises:
 keeping the valid token queue unchanged in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being greater than or equal to a threshold distance; 
 generating a new token in response to a distance of the position of the token in the valid token queue from an end of the valid token queue being less than a threshold distance; and 
 in response to generating the new token, updating the valid token queue with the new token when the token from the client is at the end of the valid token queue; and 
 
 sending a response that includes the new token to the client based on the managing of the valid token queue.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.